Contingency Planning 101: Facing Unexpected Events in Uncertain Times
By Samantha Beavers
Landslides. Pandemics. IT failures. What do these have in common? All can be prepared for with contingency planning. A strategy employed by businesses to respond to future risk events, contingency planning helps businesses chart their course forward and come out stronger on the other side.
And according to Bonnie Hancock, executive director of NC State’s Enterprise Risk Management (ERM) Initiative, it has a wide variety of applications.
“In a very broad sense, it’s a tool that helps businesses support their long-term strategies and plan for the unexpected. And it can be applied to any event that businesses want to plan for but can’t ultimately control,” she says.
Contingency planning, at its simplest level, involves three key elements:
- Identifying the events to plan for
- Developing the plan itself
- Defining the trigger point
To make sure the plans will work when they’re most needed, Hancock also recommends that businesses communicate their plans clearly and revisit and test them out regularly. And businesses looking to get the most out of the tool, she says, shouldn’t focus solely on their potential disruptions – but also on their strategic objectives.
Surveying the landscape
To get started with contingency planning, businesses must first conduct a risk assessment in which they identify and analyze their potential risks. Then, keeping their strategic objectives in view, they should prioritize them in order to determine which events they need to plan for.
“You’ll want to think first and foremost about the things that could kill your business. Consider your mission-critical operations, your most important products and your biggest suppliers. What events could cause the most disruption and have the greatest potential impact across the organization?” Hancock explains.
“Businesses should also consider unexpected events that have an upside. If a product launch is wildly successful, for example, how can the business take advantage of it? Rather than plowing forward with the original plan, it may be best to change course,” she continues.
With this, businesses will want to consider the many possible scenarios that could unfold – as well as any potential series of events.
“You’ll want to consider this from several different angles to really size up the risk and opportunity, so this process should ideally involve a cross-disciplinary group of people,” Hancock says. “You’ll certainly want to involve everyone in the C-suite, but it’s also helpful to have a lot of different functions represented – including leaders from each business unit, the people closest to operations and support functions like HR and finance.”
Developing the plan
After conducting the risk assessment, organizations can start formulating their responses and determining who should be responsible for what, what resources are needed, which actions to take – and when – and so on.
“You’re essentially answering the who, what, when, where and how. It may be helpful to develop some flowcharts and map out timelines to follow as well,” Hancock says.
To kill two birds with one stone, businesses also ought to consider which scenarios involve similar consequences.
“A lot of risk events will have some overlap. Both a snowstorm and a pandemic will prevent employees from coming to work, for example,” Hancock explains. “So rather than developing separate contingency plans for each one, organizations can group together the scenarios with common impacts.”
And the best course of action, she says, is a simple one. Plans that are overly complicated may be too difficult to execute, so companies should focus on developing plans that are as simple as possible. This should also help minimize costs.
Defining the trigger point
If the goal of contingency planning is to be proactive rather than reactive, then the process isn’t complete until it has identified a trigger point. What percentage of employees must be affected and unable to come to work for the plan to go into effect? How close does the hurricane need to be? What percentage of sales need to drop?
By determining clearly defined trigger points beforehand, organizations can spring into action before it’s too late.
“This allows companies to respond to an event swiftly rather than waiting until they’re in the thick of it. If you have a great plan but don’t have a trigger point, you’ll keep delaying and lose time – and your plan won’t be effective anymore,” Hancock says.
To help determine a trigger point, companies should look to objective indicators. This not only keeps them from waiting until the eleventh hour, but also helps them ensure that they aren’t overly emotional in their response.
“The amount of data available today has made this part of the process a lot easier. The downside, though, is that you might have conflicting data. That’s why identifying credible sources you can hang your hat on is so important,” Hancock says.
It’s also important for companies to keep in mind that events can occur to varying degrees. Hurricanes, for instance, can be classified as a category one or category five – and that can make all the difference in an organization’s response.
Finalizing the details
In addition to developing the plan and identifying the trigger point, companies must take a few additional steps to ensure they’re better prepared for unexpected events.
Most importantly, they need to communicate the plan, inform everyone involved of their responsibilities and ensure the critical people have the buy-in and expertise needed to act when the time comes. Additionally, companies should test the contingency plan out in order to make sure it works.
“You can’t develop the plan and then put it on a shelf. Even if you think you have a great plan in place, you need to run the fire drill and test it out periodically,” Hancock says.
“Conducting these tabletop exercises helps you see whether the plan works like you thought it would, gauge your preparedness and start filling the gaps. Data helps, too. You can measure the effectiveness of the plan and determine whether you need to make modifications based on what you’re seeing out there,” she continues.
Beyond communicating and testing the plan, organizations should also revisit it regularly – ensuring that the key players charged with carrying it out haven’t shifted roles and that any major changes in the company have been taken into account.
“Revisiting these plans annually is a good rule of thumb, but it may be helpful to revisit them sooner if significant changes have occurred in the company – such as restructures, new headquarters or adjustments to the product mix,” Hancock says.
Seizing the opportunities
In an uncertain world filled with unexpected events, contingency planning is an invaluable risk management strategy. Many companies, though, aren’t leveraging it to its fullest potential.
“A lot of companies only think about contingency planning in relation to certain events, like natural disasters, that disrupt operations,” Hancock says. “And while contingency planning is absolutely essential for these types of events, it can also be used to plan for more strategic things – like unexpected competitor moves. Companies that aren’t leveraging contingency planning to advance their strategic objectives are missing a huge opportunity.”
Interested in a career in risk management? Click here to learn more about the Master of Management, Risk and Analytics (MRA) program at NC State’s Poole College of Management.
- Categories: